wireguard.lists.zx2c4.com archive mirror
From: Roman Mamedov <rm@romanrm.net>
To: wireguard@lists.zx2c4.com
Subject: Getting IPv6 route advertisements to work over WG
Date: Mon, 27 Aug 2018 17:14:26 +0500
Message-ID: <20180827171426.7c4ec614@natsu>

Hello,

I am trying to get IPv6 link-local IPs and route advertisements to work over
WG. The reason is not for the usual case of address autoconfiguration, but to
use RA as a dynamic routing protocol of sorts, as it can distribute routes --
or in case of WG (where routes need to be static in AllowedIPs), act as a
keep-alive protocol.

Example use: a host can be connected to a network via a number of independent
routers (and separate WG tunnel to each); in case one of the routers goes
down, the route entry that it was sending via RA times out, so the host will
automatically use the other one(s) to reach that network. It would look
similar to this:

# ip -6 route
...
fd00::/32 via fe80::be:a0ff:fe18:4aac dev wg1 proto ra metric 1024  expires 30sec pref medium
fd00::/32 via fe80::e8:4fff:fe94:2d7f dev wg2 proto ra metric 1024  expires 119sec pref medium
fd00::/32 via fe80::43:31ff:fec0:da97 dev wg3 proto ra metric 1024  expires 86360sec pref low
...

What works:

  * manually assigning link-local (LL) IPs on both sides of a WG tunnel
    (fe80:[somethingrandom]/64 scope link);
  * any normal communication over these LL IPs (assuming they are also present
    in AllowedIPs);
  * running RADVD with WG link as one of its interfaces;
  * explicitly requesting and receiving an RA, by using 'rdisc6' while specifying the
    other side's LL IP;

What doesn't:

  * it appears multicast is not supported, so anything involving
    multicast, as in automatically requesting RAs on the kernel side, or
    manually with 'rdisc6' but without specifying peer's LL:

      # rdisc6 wg3
      Soliciting ff02::2 (ff02::2) on wg3...
      Sending ICMPv6 packet: Required key not available

I found discussion[1], but it is unclear what the outcome is. In any case, I
would like to add my vote to please add some kind of multicast support, even
if just as a dumb broadcast for now. It would work just fine for a lot of
cases; don't know about others, but my WG networks tend to include at most 2-3
hosts each (but there's a lot of independent networks).

[1] https://lists.zx2c4.com/pipermail/wireguard/2017-April/001177.html

-- 
With respect,
Roman
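
An added example, not part of the original message or of WireGuard's code: a simplified Python model of the AllowedIPs lookup that explains the results reported above, where a unicast link-local destination maps to a peer while ff02::2 maps to none and the send fails with "Required key not available". The class and function names, the peer name "router3" and the address fe80::1 are hypothetical; the final ff02::/16 entry is an assumption for a one-peer-per-interface tunnel, not something the message tried.

```python
import ipaddress

class NoKeyError(Exception):
    """Models ENOKEY, which rdisc6 printed as 'Required key not available'."""

class WgInterface:
    """Simplified model of one WireGuard interface's AllowedIPs table."""

    def __init__(self):
        self.table = {}  # ip_network -> peer name (a prefix maps to one peer)

    def allow(self, peer, *prefixes):
        for prefix in prefixes:
            self.table[ipaddress.ip_network(prefix)] = peer

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.table if n.version == ip.version and ip in n]
        if not hits:
            return None
        return self.table[max(hits, key=lambda n: n.prefixlen)]

    def send(self, dst):
        """Egress: the destination address selects the peer (and its key)."""
        peer = self.lookup(dst)
        if peer is None:
            raise NoKeyError(dst)
        return peer

    def accept(self, peer, src):
        """Ingress: a decrypted packet is kept only if src maps back to peer."""
        return self.lookup(src) == peer

def demo():
    wg3 = WgInterface()
    # Constructed config: the wg3 gateway LL address and fd00::/32 from the post.
    wg3.allow("router3", "fe80::43:31ff:fec0:da97/128", "fd00::/32")
    out = {"unicast_rs": wg3.send("fe80::43:31ff:fec0:da97")}
    try:
        wg3.send("ff02::2")
        out["multicast_rs"] = "sent"
    except NoKeyError:
        out["multicast_rs"] = "ENOKEY"
    out["ra_from_router"] = wg3.accept("router3", "fe80::43:31ff:fec0:da97")
    out["ra_from_other_ll"] = wg3.accept("router3", "fe80::1")
    # Assumption, not from the post: with one peer per interface, listing
    # ff02::/16 for that peer lets multicast map to it (no replication).
    wg3.allow("router3", "ff02::/16")
    out["multicast_rs_after"] = wg3.send("ff02::2")
    return out

if __name__ == "__main__":
    print(demo())
```

The same table is consulted in both directions, so a link-local source that is not listed for the peer is dropped on receipt even though the tunnel itself is up.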
